ABSTRACT

A flow-based intrusion detection system for detecting intrusions in computer 
communication networks. Data packets representing communications between hosts in a 
computer-to-computer communication network are processed and assigned to various 
client/server flows. Statistics are collected for each flow. Then, the flow statistics are 
analyzed to determine if the flow appears to be legitimate traffic or possible suspicious 
activity. A concern index value is assigned to each flow that appears suspicious. By 
assigning a value to each flow that appears suspicious and adding that value to the total 
concern index of the responsible host, it is possible to identify hosts that are engaged in 
intrusion activity. When the concern index value of a host exceeds a preset alarm value, 
an alert is issued and appropriate action can be taken. 
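
The per-host accumulation described above, sketched as an added example that is not taken from the patent. The server-is-lower-port rule, the two suspicious-flow heuristics, their concern values, the alarm threshold and the packet records are all assumptions constructed for illustration.

```python
from collections import defaultdict

ALARM_THRESHOLD = 100  # assumed preset alarm value
# Assumed concern values per suspicious-flow type; the abstract gives none.
CI_NO_REPLY = 30       # client sent packets, server never answered
CI_EMPTY_FLOW = 10     # answered flow that carried no payload at all

def flow_key(pkt):
    """Assign a packet to a client/server flow.
    Assumption: the endpoint with the lower port number is the server."""
    src, sport, dst, dport, proto, _payload = pkt
    if dport <= sport:
        return (src, dst, dport, proto), "c2s"
    return (dst, src, sport, proto), "s2c"

def collect_flow_stats(packets):
    """Collect per-flow statistics: packets per direction and payload bytes."""
    stats = defaultdict(lambda: {"c2s_pkts": 0, "s2c_pkts": 0, "bytes": 0})
    for pkt in packets:
        key, direction = flow_key(pkt)
        stats[key][direction + "_pkts"] += 1
        stats[key]["bytes"] += pkt[5]
    return stats

def flow_concern(s):
    """Return the concern value for one flow (0 if it looks legitimate)."""
    if s["c2s_pkts"] > 0 and s["s2c_pkts"] == 0:
        return CI_NO_REPLY
    if s["bytes"] == 0:
        return CI_EMPTY_FLOW
    return 0

def host_concern_index(packets):
    """Add each flow's concern value to the total of the responsible host
    (assumed here to be the client that initiated the flow)."""
    totals = defaultdict(int)
    for (client, _srv, _port, _proto), s in collect_flow_stats(packets).items():
        totals[client] += flow_concern(s)
    return dict(totals)

def alerts(packets, threshold=ALARM_THRESHOLD):
    """Hosts whose concern index exceeds the alarm value."""
    totals = host_concern_index(packets)
    return sorted(h for h, ci in totals.items() if ci > threshold)

# Constructed sample: (src, sport, dst, dport, proto, payload_bytes).
# 10.0.0.5 opens four unanswered flows; 10.0.0.7 has one normal exchange.
SAMPLE = (
    [("10.0.0.5", 40000 + i, "10.0.0.%d" % (20 + i), 22, "tcp", 0) for i in range(4)]
    + [("10.0.0.7", 51000, "10.0.0.20", 80, "tcp", 300),
       ("10.0.0.20", 80, "10.0.0.7", 51000, "tcp", 1400)]
)
```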